diff --git a/.env.sample b/.env.sample
index 6b27e7b..98d1b56 100644
--- a/.env.sample
+++ b/.env.sample
@@ -29,5 +29,4 @@ COMPOSE_FILE="compose.yml"
 # Enable an SSH server to allow SFTP uploads to the web root
 #COMPOSE_FILE="$COMPOSE_FILE:compose.sftp.yml"
-#SECRET_SSH_PASSWORD_VERSION=v1
-#SSH_PORT="2222" # this doesn't work yet, maybe an abra bug?
\ No newline at end of file
+#PUBLIC_KEY="ssh-ed25519 AAAAC3NzaJ1lZDI1NTE5AAAAIXqf4nxUxuGmLOaxXXXXXXXXoM/GwhcrAgmtbgXToaYmCJ user@host" # Replace with a public key you generate
\ No newline at end of file
diff --git a/README.md b/README.md
index 51d2480..c375358 100644
--- a/README.md
+++ b/README.md
@@ -28,5 +28,20 @@ Custom HTML website, served using Nginx.
 abra app cp YOURAPPDOMAIN index.html app:/usr/share/nginx/html
 ```
+## Allowing upload via SSH/SFTP
+To allow management of your site's files using scp, rsync or other SSH-based tools:
+1. If you don't already have one, generate an SSH keypair using `ssh-keygen`
+1. `abra app config YOURAPPDOMAIN`
+2. Uncomment these lines and add your public key:
+```
+#COMPOSE_FILE="$COMPOSE_FILE:compose.sftp.yml"
+#PUBLIC_KEY="ssh-ed25519 AAAAC3NzaJ1lZDI1NTE5AAAAIXqf4nxUxuGmLOaxXXXXXXXXoM/GwhcrAgmtbgXToaYmCJ user@host" # Replace with a public key you generate
+```
+3. `abra app undeploy YOURAPPDOMAIN`
+3. `abra app deploy YOURAPPDOMAIN`
+4. Test the SSH connection: `ssh -p 2220 sftp@YOURAPPDOMAIN`
+5. You can copy local files into the server's web root with a command like: `scp -r -P 2220 * sftp@YOURAPPDOMAIN:/content`
+
+
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
 [`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
diff --git a/compose.sftp.yml b/compose.sftp.yml
index 7a8fca7..399f305 100644
--- a/compose.sftp.yml
+++ b/compose.sftp.yml
@@ -8,11 +8,8 @@ services:
 - PUID=1000
 - PGID=1000
 - TZ=Etc/UTC
- - PASSWORD_ACCESS=true
- - USER_PASSWORD_FILE=/run/secrets/ssh_password
 - USER_NAME=sftp
- secrets:
- - ssh_password
+ - PUBLIC_KEY
 volumes:
 - content:/content:rw
 ports:
@@ -36,11 +33,6 @@ services:
 - content:/content:rw
 entrypoint: [ "bash", "-c", "sleep 10 && chown -R 1000:1000 /content"]
-secrets:
- ssh_password:
- external: true
- name: ${STACK_NAME}_ssh_password_${SECRET_SSH_PASSWORD_VERSION}
-
 volumes:
 content:
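Review bot: The new `- PUBLIC_KEY` entry in the first compose.sftp.yml hunk (the list that also holds `USER_NAME=sftp`) is a bare pass-through with nothing that fails the deploy when the variable is unset, and the same hunk removes the password path, so enabling compose.sftp.yml while `#PUBLIC_KEY=` is still commented out in the app config would presumably bring up an SSH service that nobody can authenticate to, noticed only at the first connection attempt. If the deploy tooling supports Compose's required-variable interpolation, `- PUBLIC_KEY=${PUBLIC_KEY:?PUBLIC_KEY must be set when compose.sftp.yml is enabled}` would surface this at deploy time instead. Key-only login now also depends on the image's default for the removed `PASSWORD_ACCESS` switch; keeping `- PASSWORD_ACCESS=false` in the list would state that intent explicitly rather than inherit it. The service definition starts above the hunk and continues past `ports:`, so the image and the published port cannot be checked from here.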